89

GitHub - snyk/snyk: CLI and build-time tool to find & fix known vulnerabilit...

 6 years ago
source link: https://github.com/snyk/snyk
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

68747470733a2f2f736e796b2e696f2f7374796c652f61737365742f6c6f676f2f736e796b2d7072696e742e737667

Snyk CLI

Snyk scans and monitors your projects for security vulnerabilities.

Snyk CLI screenshot

What is Snyk?

Snyk is a developer-first cloud-native security tool. It covers multiple areas of application security:

  1. Snyk Open Source: Find and automatically fix open source vulnerabilities
  2. Snyk Code: Find and fix vulnerabilities in your application code in real time
  3. Snyk Container: Find and fix vulnerabilities in container images and Kubernetes applications
  4. Snyk Infrastructure as Code: Find and fix insecure configurations in Terraform and Kubernetes code

Learn more about what Snyk can do and sign up for a free account »

What is Snyk CLI?

Snyk CLI brings the functionality of Snyk into your development workflow. It can be run locally or in your CI/CD pipeline to scan your projects for security issues.

Supported languages and tools

Snyk supports many languages and tools, including Java, .NET, JavaScript, Python, Golang, PHP, C/C++, Ruby, Scala and more. See our Language Support documentation.

CLI also supports Docker scanning and Terraform, k8s and other Infrastructure as Code files scanning.

Install Snyk CLI

Snyk CLI can be installed through multiple channels.

Install with npm or Yarn

Snyk CLI is available as an npm package. If you have Node.js installed locally, you can install it by running:

npm install snyk@latest -g

or if you are using Yarn:

yarn global add snyk

More installation methods

Standalone executables (macOS, Linux, Windows)

curl https://static.snyk.io/cli/latest/snyk-macos -o snyk
chmod +x ./snyk
mv ./snyk /usr/local/bin/
grep snyk-macos sha256sums.txt.asc  sha256sum -c -


gpg --keyserver hkps://keys.openpgp.org --recv-keys A22665FB96CAB0E0973604C83676C4B8289C296E
gpg --verify sha256sums.txt.asc

Install with Homebrew (macOS, Linux)

brew tap snyk/tap
brew install snyk

Scoop (Windows)Snyk CLI in a Docker image

Install as a part of a Snyk CLI integration

Snyk also offers many integrations into developer tooling. These integrations will install and manage the Snyk CLI for you. For example:

Snyk CLI IDE integration

Getting started with Snyk CLI

Once you installed the Snyk CLI, you can verify it's working by running:

snyk --help

See the full Snyk CLI help.

Authenticating Snyk CLI

Snyk CLI depends on Snyk.io APIs. Connect your Snyk CLI with Snyk.io by running:

snyk auth

Setting up language support

Depending on your project's language, you might need to setup your language environment before using Snyk.

See our Language Support documentation.

Scanning your project

If you are already in a folder with a supported project, start by running:

snyk test

Or scan a Docker image by its tag with Snyk Container:

snyk container test ubuntu:18.04

Or a k8s file:

snyk iac test /path/to/kubernetes_file.yaml

Monitoring your project

Snyk can also monitor your project periodically and alert you for new vulnerabilities. The snyk monitor is similar to snyk test and can be used to create a project on the Snyk website that will be continuously monitored for new vulnerabilities.

Snyk CLI monitor projects
> snyk monitor
Monitoring /project (project-name)...

Explore this snapshot at https://app.snyk.io/org/my-org/project/29361c2c-9005-4692-8df4-88f1c040fa7c/history/e1c994b3-de5d-482b-9281-eab4236c851e

Notifications about newly disclosed issues related to these dependencies will be emailed to you.

Add Snyk to your CI/CD

Snyk is really powerful when you are continuously scanning and monitoring your projects for vulnerabilities.

Use one of our integrations to stay secure.

You can authorize Snyk CLI in your CI/CD programatically:

# Using a SNYK_TOKEN envvar (preferred)
SNYK_TOKEN=<SNYK_API_TOKEN> snyk test

# Or using a Snyk auth command
snyk auth <SNYK_API_TOKEN>
snyk test

More flags and options to try

Here are some flags that you might find useful:

  • --severity-threshold=low|medium|high|critical

    Only report vulnerabilities of provided level or higher.

  • --json

    Prints results in JSON format.

  • --all-projects

    Auto-detect all projects in working directory

See all the available commands and options by running --help:

snyk --help
# or get help for a specific command like
snyk iac --help
snyk code --help

Getting support

If you need support using Snyk CLI, please contact support.

We do not actively monitor GitHub Issues so any issues there may go unnoticed.

Contributing

If you are an external contributor, before working on any contributions, please first contact support to discuss the issue or feature request with us.

If you are contributing to Snyk CLI, see our contributing guidelines

For information on how Snyk CLI is implemented, see our design decisions.

This repository is a monorepo, also covering other projects and tools:

Security

For any security issues or concerns, please see SECURITY.md file in this repository.

Notices

Snyk API usage policy

The use of Snyk's API, whether through the use of the 'snyk' npm package or otherwise, is subject to the Terms & Conditions.

Made with purple_heart by Snyk


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK